speed-of-heat Posted April 22, 2020 Posted April 22, 2020 I got this message this morning firing up DCS: Threat Detected: Trojan:Win32/Wacatac.D!ml Alert Level: Severe Category: Trojan Details: This program is dangerous and executes commands from an attacker Affected items: file: E:\Games\Eagle Dynamics\DCS World Openbeta\Mods\aircraft\F14\bin\F14-HeatblurCommon.dll with a link for more info here https://go.microsoft.com/fwlink/?linkid=142185&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373 I'm guessing this is a false positive ... but do want to check with MS https://www.microsoft.com/en-us/wdsi/filesubmission SYSTEM SPECS: Hardware AMD 9800X3D, 64Gb RAM, 4090 FE, Virpil T50CM3 Throttle, WinWIng Orion 2 & F-16EX + MFG Crosswinds V2, Varjo Aero SOFTWARE: Microsoft Windows 11, VoiceAttack & VAICOM PRO YOUTUBE CHANNEL: @speed-of-heat
dolfo Posted April 28, 2020 Posted April 28, 2020 Same, different file. file: D:\DCS World OpenBeta\Mods\aircraft\AJS37\bin\AJS37-Avionics.dll
draconus Posted April 28, 2020 Posted April 28, 2020 https://forums.eagle.ru/showpost.php?p=4305536&postcount=12 Solution for now is to whitelist (exclude from scanning) DCS folders in your AV software. Win10 i7-10700KF 32GB RTX4070S Quest 3 T16000M VPC CDT-VMAX TFRP FC3 F-14A/B F-15E CA SC NTTR PG Syria
speed-of-heat Posted April 28, 2020 Author Posted April 28, 2020 https://forums.eagle.ru/showpost.php?p=4305536&postcount=12 Solution for now is to whitelist (exclude from scanning) DCS folders in your AV software. with respect, that's not a solution, that's a terrible idea. A solution would be for the company to submit its exe/dll/etc... into one of the major AV vendors for analysis ... and then it flow out to the ecosystem... SYSTEM SPECS: Hardware AMD 9800X3D, 64Gb RAM, 4090 FE, Virpil T50CM3 Throttle, WinWIng Orion 2 & F-16EX + MFG Crosswinds V2, Varjo Aero SOFTWARE: Microsoft Windows 11, VoiceAttack & VAICOM PRO YOUTUBE CHANNEL: @speed-of-heat
captain_dalan Posted April 28, 2020 Posted April 28, 2020 Yep, had one too. Ended up misplaced in another sub-forum: https://forums.eagle.ru/showthread.php?t=271271 Modules: FC3, Mirage 2000C, Harrier AV-8B NA, F-5, AJS-37 Viggen, F-14B, F-14A, Combined Arms, F/A-18C, F-16C, MiG-19P, F-86, MiG-15, FW-190A, Spitfire Mk IX, UH-1 Huey, Su-25, P-51PD, Caucasus map, Nevada map, Persian Gulf map, Marianas map, Syria Map, Super Carrier, Sinai map, Mosquito, P-51, AH-64 Apache
Shibbyland Posted April 29, 2020 Posted April 29, 2020 I agree with Speed-of-heat. It's the publisher's responsibility to make sure their product is not running into issues like this. Each to their own but I don't intend to turn off protections. If Eagle Dynamics are aware of the issue, then they can submit the file to the affected AV provider and if it's assessed as safe, the AV provider will let it through. I wouldn't suggest turning off your AV just so you can play a game, even trusted publishers can be compromised by external parties.
draconus Posted April 29, 2020 Posted April 29, 2020 I wouldn't suggest turning off your AV just so you can play a game, even trusted publishers can be compromised by external parties. Even trusted AV companies can be compromised and the system you're running all of it on. You've been given the information. What you do with it is your choice. Afaik the stable version does not have this problem so there it is if you wish. Win10 i7-10700KF 32GB RTX4070S Quest 3 T16000M VPC CDT-VMAX TFRP FC3 F-14A/B F-15E CA SC NTTR PG Syria
Shibbyland Posted April 29, 2020 Posted April 29, 2020 As I said, each to their own. I have made my choice, I'm going with my AV. I've got two purchases I'm holding off on pending a resolution to this issue. Hopefully ED submit the files causing the problem soon and if they're safe then the AV will let it through. True about stable version but what happens when stable is updated to the open beta build and the AV picks up the files there?
speed-of-heat Posted April 29, 2020 Author Posted April 29, 2020 (edited) Sorry Draconus, you are normally very helpful, in this case your advice is neither helpful , or accurate , and whilst its true everyone could be compromised, including AV vendors, thats akin to saying don't wear a seat belt because the manufacturing process is imperfect... Edited April 29, 2020 by speed-of-heat SYSTEM SPECS: Hardware AMD 9800X3D, 64Gb RAM, 4090 FE, Virpil T50CM3 Throttle, WinWIng Orion 2 & F-16EX + MFG Crosswinds V2, Varjo Aero SOFTWARE: Microsoft Windows 11, VoiceAttack & VAICOM PRO YOUTUBE CHANNEL: @speed-of-heat
draconus Posted April 29, 2020 Posted April 29, 2020 No one forces you turn off the AV. It's your rightful choice to wait for the better versions of both DCS and/or AV defs if you wish so. Hopefully the stable, when it comes, will have these problems sorted after ED is happy with the beta. I just gave info on options to let anyone enjoy the working beta when troubles like these happen. Keep in mind there are hundreds of thousands players enjoying it including devs, content creators and popular youtubers. The reason behind AV alarms is the copy protection changes ED uses in their code which trigger detecting potentialy suspicious actions. It's called false postitive and of course ED is working on it but that is beyond the HB's abilities for a fix now. Win10 i7-10700KF 32GB RTX4070S Quest 3 T16000M VPC CDT-VMAX TFRP FC3 F-14A/B F-15E CA SC NTTR PG Syria
speed-of-heat Posted April 29, 2020 Author Posted April 29, 2020 No one forces you turn off the AV. It's your rightful choice to wait for the better versions of both DCS and/or AV defs if you wish so. Hopefully the stable, when it comes, will have these problems sorted after ED is happy with the beta. I just gave info on options to let anyone enjoy the working beta when troubles like these happen. Keep in mind there are hundreds of thousands players enjoying it including devs, content creators and popular youtubers. The reason behind AV alarms is the copy protection changes ED uses in their code which trigger detecting potentialy suspicious actions. It's called false postitive and of course ED is working on it but that is beyond the HB's abilities for a fix now. actually HB could just submit there dll's when they release them .... it took me about 10 mins to do it for you to Microsoft.. you are welcome SYSTEM SPECS: Hardware AMD 9800X3D, 64Gb RAM, 4090 FE, Virpil T50CM3 Throttle, WinWIng Orion 2 & F-16EX + MFG Crosswinds V2, Varjo Aero SOFTWARE: Microsoft Windows 11, VoiceAttack & VAICOM PRO YOUTUBE CHANNEL: @speed-of-heat
Shibbyland Posted April 29, 2020 Posted April 29, 2020 Thanks Draconus, that's fair enough. I'm happy to wait. I'm periodically attempting to re-download the beta (because the multiplayer is much more active on beta) in the hope ESET have made adjustments and it no longer detects an issue.
Tsavong Posted April 29, 2020 Posted April 29, 2020 I had the same problem yesterday with AJS37-Avionics.dll but aftrer updating Windows Defender today it no longer flaged so I was able to download the AJS37 again.
captain_dalan Posted May 1, 2020 Posted May 1, 2020 I have to agree, our job is to report a bug, dev's job to solve it. Modules: FC3, Mirage 2000C, Harrier AV-8B NA, F-5, AJS-37 Viggen, F-14B, F-14A, Combined Arms, F/A-18C, F-16C, MiG-19P, F-86, MiG-15, FW-190A, Spitfire Mk IX, UH-1 Huey, Su-25, P-51PD, Caucasus map, Nevada map, Persian Gulf map, Marianas map, Syria Map, Super Carrier, Sinai map, Mosquito, P-51, AH-64 Apache
Recommended Posts